What is the equivalent of:
docker inspect -f '{{.State.Pid}}' <container id>
to get the pid of a Pod -if at all reasonable- or at least the pid of a container?
What is the equivalent of:
docker inspect -f '{{.State.Pid}}' <container id>
to get the pid of a Pod -if at all reasonable- or at least the pid of a container?
A pod is not a running process, so it does not have a PID.
What question are you really trying to solve?
Thanks @thockin, good point. In fact I know a pod is not a process, that’s why I sad “or at least the pid of a container”. The reason is to debug it. When working with docker I really appreciated being able to “nsenter” into the process’s namespace with --net option so that I has all the tools installed on the host, but in the constraint of the network of the container. I find it very useful and effective.
Now that I’m studying kubernetes I’d like to use the same technique.
Pedantically, a container doesn’t have a PID either. What you see is the PID of the “root” process in that container.
In Kubernetes you can nsenter the netns of any of the member containers - they are all the same netns. We also have EphemeralContainers
which seems to still be alpha.
Thanks again @thockin…
ok, that’s what I meant
…mmh… you mean all containers share the same net…? that’s definitely some things I already noted to be studied deeper.
I have a pod that doesn’t reach the database (hosted on the host, not on kubernetes). After adding IP to my docker I realized it has /32 netmask… I would have liked to be able to use tools from the system (as opposed to “tools in the container”) to investigate IP, route and so on.
In pure docker I can nsenter the root process and use “Ip addr ls”: is there an equivalent in kubernetes?
you mean all containers share the same net…? that’s definitely some things I already noted to be studied deeper.
That’s right. At least in all of the runtime implementations I know of.
I would have liked to be able to use tools from the system (as opposed to “tools in the container”) to investigate IP, route and so on.
This is what Ephemeral Containers is supposed to make better. Sadly it’s not GA yet.
In pure docker I can nsenter the root process and use “Ip addr ls”: is there an equivalent in kubernetes?
Kubernetes has an abstraction called CRI between kubelet and the container runtime. If you are using a Docker runtime, you can still do this. If you are using a different runtime you might need to figure out how to do it for that runtime, but unless you use something very different, it should be about the same.